On 9/20/18 8:01 AM, Joe Lawrence wrote:
> On Mon, Aug 27, 2018 at 12:45:25AM -0700, Kees Cook wrote:
>> On Tue, May 29, 2018 at 6:27 AM, Andy Whitcroft
>> wrote:
>>> On Wed, Mar 07, 2018 at 04:02:45PM -0800, Brian Belleville wrote:
The final field of a floppy_struct is the field "name", whic
On Mon, Aug 27, 2018 at 12:45:25AM -0700, Kees Cook wrote:
> On Tue, May 29, 2018 at 6:27 AM, Andy Whitcroft
> wrote:
> > On Wed, Mar 07, 2018 at 04:02:45PM -0800, Brian Belleville wrote:
> >> The final field of a floppy_struct is the field "name", which is a
> >> pointer to a string in kernel me
On Tue, May 29, 2018 at 6:27 AM, Andy Whitcroft wrote:
> On Wed, Mar 07, 2018 at 04:02:45PM -0800, Brian Belleville wrote:
>> The final field of a floppy_struct is the field "name", which is a
>> pointer to a string in kernel memory. The kernel pointer should not be
>> copied to user memory. The F
On Tue, 2018-05-29 at 14:27 +0100, Andy Whitcroft wrote:
[...]
> >From ddb8c77229a9507fa5575c910d2847e123a9c94c Mon Sep 17 00:00:00 2001
> From: Andy Whitcroft
> Date: Tue, 29 May 2018 13:04:15 +0100
> Subject: [PATCH 1/1] floppy: Do not copy a kernel pointer to user memory in
> FDGETPRM ioctl
>
On Wed, Mar 07, 2018 at 04:02:45PM -0800, Brian Belleville wrote:
> The final field of a floppy_struct is the field "name", which is a
> pointer to a string in kernel memory. The kernel pointer should not be
> copied to user memory. The FDGETPRM ioctl copies a floppy_struct to
> user memory, includ
Hi, are there any comments on this patch or the issue I described? I
have tested the FDGETPRM ioctl and confirmed that the struct it returns
does contain a pointer to kernel data. I also have tested my patch, and
with it applied the returned struct no longer contains a kernel pointer,
but all o
The final field of a floppy_struct is the field "name", which is a
pointer to a string in kernel memory. The kernel pointer should not be
copied to user memory. The FDGETPRM ioctl copies a floppy_struct to
user memory, including the "name" field. This pointer cannot be used
by the user, and it will
7 matches
Mail list logo